Software and Security Patch Deployment
CenturyLink will update managed servers with all vendor recommended security patches, service packs, and hot-fixes and will address the overall integrity and performance of servers throughout the life of the hosting solution. Security threats are evaluated, verified, and tested before a hot-fix or patch is recommended to customers. CenturyLink Administrators will attempt to identify customer solutions that are potentially vulnerable by reviewing CenturyLink operating support systems. The SavvisStation Portal also contains information on customer systems that can be searched and parsed in order to isolate servers that are at-risk. CenturyLink will determine the appropriate security course of action in order to correct the issue, usually with little or no service disruption. Sometimes a reboot is necessary when a patch is distributed and installed, which CenturyLink will conduct during maintenance hours or coordinate with the customer.
Customers approve operating system patches or service pack upgrades that may impact their applications and templates, before patches or upgrades are added to their instances. CenturyLink may recommend system patch upgrades during the instance deployment or burn-in period.
All service packs are evaluated and tested on the standard CenturyLink managed server configurations. CenturyLink will integrate the service pack into the hardened standard operating system build and only after testing has demonstrated its stability and performance benefits. All applicable new managed servers will be automatically configured with this new base build. Existing production servers will be upgraded during maintenance windows that will be coordinated with the customer.
Hot-Fixes and Patches
All hot-fixes and non-security patches are evaluated for impact and urgency and follow the same testing and integration guidelines as service pack upgrades. Non-critical patches and hot-fixes are typically incorporated into the CenturyLink standard system build on a quarterly basis.
CenturyLink uses third-party anti-virus (AV) software in conjunction with centralized management tools to maintain AV policy control and regular signature file updates. Anti- virus technology provides protection against malware, including viruses, spyware and Trojans. Should disruption or changes occur due to malware, CenturyLink will use commercially reasonable efforts to remedy the situation as soon as possible after being notified of the problem. CenturyLink is not responsible for any damages or loss of or corruption of any Customer information, content, or data due to worms, phishing attacks, rootkits, Trojan horses and other malware, including infection of end-user devices.
Operating System and Managed Application Software Upgrades
For operating system (OS) upgrades, the customer must initiate the OS upgrade request, which will be provided at an additional charge. In addition, upgrades of managed application software can be accomplished with a change order by Customer with consulting engineering approval at an additional charge. Customer may also request minor configuration changes (i.e., requests that will not degrade service performance) through the CenturyLink Operations Center.